example

We want to make the following firewall rule to be applyable to different network interfaces (for e.g. different environments) with just one variable:

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => $::ipaddress_eth0,
  proto       => 'tcp',
  action      => 'drop',
  iniface     => 'eth0',
}

UI/UX Design by

We make sure that your target audience has the best possible experience with your digital product. You get:

• Design tailored to your audience
• Proven processes customized to your needs
• An expert team of experienced designers

Read more Show archive.org snapshot

We can create a $firewall_interface variable and apply it to iniface but how can we ensure that the correct ipaddress factof the corresponding interface is used for destination?

Solution:

Use getvar from the puppetlabs stdlib Show archive.org snapshot :

$firewall_interface = 'eth0'

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => getvar("::ipaddress_${firewall_interface}"),
  proto       => 'tcp',
  action      => 'drop',
  iniface     => $firewall_interface,
}